[Openswan Users] Linux<->Linux RoadWarrior not working

Roland Plüss roland at rptd.ch
Sun Aug 12 13:12:47 EDT 2007


I have to set up a WLAN protection using VPN. The idea is to have the
laptops connect through VPN only so the WLAN is safe. The following
setup is looked for:

Network-A ( wired ): 192.168.1.0/24
Network-B ( wlan ): 192.168.3.0/24
Gateway: 192.168.3.2/32
Host: 192.168.3.30/32

The laptop is able to reside in the Network-A directly if on wire but
should also be granted access to the Network-A if inside Network-B ( with
his new IP ). The IP is fixed but more than one laptop exists and I
don't want to make a separate connection for each of them. Using the
following I can get a VPN up but any data sent from the laptop is NOT
entering the tunnel. I tried any howto I could get my hands on but for
some reason it just does not work. Any help appreciated.

Gateway:
>>> /etc/ipsec/ipsec.conf
version 2.0
config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        nhelpers=0
conn openswan-roadwarrior
        left=192.168.3.2
        leftsourceip=192.168.1.10
        leftsubnet=192.168.1.0/24
        leftnexthop=%direct
        leftid=####
        leftrsasigkey=####
        right=%any
        rightsubnet=vhost:%no,%priv
        rightid=####
        rightrsasigkey=####
        auto=add
        auth=esp
        authby=rsasig
        compress=yes
        pfs=yes
<<<

Laptop:
>>> /etc/ipsec/ipsec.conf
version 2.0
config setup
        nat_traversal=no
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        nhelpers=0
conn openswan-roadwarrior
        left=192.168.3.2
        leftsubnet=192.168.1.0/24
        leftid=####
        leftrsasigkey=####
        right=192.168.3.30
        rightsourceip=192.168.3.30
        rightsubnet=192.168.3.30/32
        rightid=####
        rightrsasigkey=####
        auto=add
        auth=esp
        authby=rsasig
        compress=yes
        pfs=yes
<<<

I tried also using 127.0.0.1 as the sourceip ( and network ) for the
laptop but then ping fails with an error like "invalid operation" or
something like that. If I use this setup the tunnel is established but
pings do not enter the tunnel.
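
Added example, not part of the original post: a small Python parser for the `conn` sections above that lists every parameter on which the gateway and laptop configs disagree, so the subnet and source-IP settings of both ends can be compared side by side. The sample input is constructed from the two quoted configs, trimmed to the addressing parameters plus `authby` and `pfs`; the function names are this example's own.

```python
# Added example: compare the conn sections from both ends of the tunnel.
# Sample input is constructed from the configs quoted in the post, trimmed
# to the addressing parameters plus authby/pfs.
GATEWAY = """
conn openswan-roadwarrior
        left=192.168.3.2
        leftsourceip=192.168.1.10
        leftsubnet=192.168.1.0/24
        leftnexthop=%direct
        right=%any
        rightsubnet=vhost:%no,%priv
        authby=rsasig
        pfs=yes
"""
LAPTOP = """
conn openswan-roadwarrior
        left=192.168.3.2
        leftsubnet=192.168.1.0/24
        right=192.168.3.30
        rightsourceip=192.168.3.30
        rightsubnet=192.168.3.30/32
        authby=rsasig
        pfs=yes
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header starts in column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def diff_conn(a, b, name):
    """Map each key whose value differs to (value_in_a, value_in_b); None = absent."""
    ca, cb = parse_conns(a)[name], parse_conns(b)[name]
    return {k: (ca.get(k), cb.get(k))
            for k in sorted(set(ca) | set(cb)) if ca.get(k) != cb.get(k)}

if __name__ == "__main__":
    for key, (gw, lap) in diff_conn(GATEWAY, LAPTOP, "openswan-roadwarrior").items():
        print(f"{key:15} gateway={gw!s:28} laptop={lap}")
```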
